Brian: incomplete. Will hook up links and flesh out a bit soon...
I developed a trick for distributing a test web service implementation. A test implementation would be used by someone else externally to develop a Web Service client. Its an implementation that runs locally on the external developer's machine serving up "dummy" data, but using the correct WSDL and message validity just like a production version of the web service.
Using a test implementation means my company doesn't have to host and maintain a test implementation on public web servers. Its really amazing how resistant IT departments are towards making implementations available externally, and this solution avoid dealing with those people at all.
The idea is that a test implementation of the web service is "pushed" to a client machine through JNLP (Java Web Start). The test implementation is downloaded and runs locally on the client machine when the user clicks particular web page link -- if you are at all familiar with Java Web Start then ou know what I'm talking about. The test implementation is downloaded and run on the client's machine in its own window.
Of course the security implications are pretty drastic -- basically the external developer is downloading and executing an application over the Internet -- recipe for disaster. The solution to this terrible security problem is restricted trust: you must digitally sign the JAR file containing the test implementation of the web service, and the external developer must trust that your implementation will not do anything "bad" while it is running.
I use this trick when I'm developing a web service for consumption by a very few trusted and trusting external organizations. The external developer knows me and I know him, so this type of trusted applicatgion is probably adequate. Of course if you are in a situation when this type of trust would not be appropriate, then of course you wouldn't want to use this trick.
The important pieces of the trick are:
- Packing up a test web service implementation as a web application -- a J2EE WAR file.
- Packing up the WAR file with a small J2EE Servlet container, such as Jetty.
- Building a JNLP main application that starts the small web server and makes it host the web service web-app.
Here is an example. Click on it and it will download an application that will host a "Hello, World!"-type web service locally. I have digitally signed the application JAR file, which means when you click on the link above you'll be asked whether or not you trust me to run an application "without restrictions" on your local machine. If you click "yes" then the application will run on your local machine, all with just a couple clicks of the mouse.
To be honest, I'm not sure you would want to click "yes" if you don't know me and trust me already. That's just asking for trouble, right? I could be a very clever hacker trying to take over your system through this blog entry. Instead you can download all my original source and an ANT build script, recompile and try running the application yourself (requires JDK 1.4+ and ANT installed). This gives you he chance to peruse the source code to make sure the test implementation won't try to do aything malicious to your system or your local network.
3:34:34 PM 
|
